[openstack-dev] [magnum]password for registry v2

王华 wanghua.humble at gmail.com
Thu Aug 13 08:06:13 UTC 2015

Hi all,

In order to add registry v2 to bay nodes[1], authentication information is
needed for the registry to upload and download files from swift. The swift
storage-driver in registry now needs the parameters as described in [2].
User password is needed. How can we get the password?

1. Let user pass password in baymodel-create.
2. Use user token to get password from keystone

Is it suitable to store user password in db?

It may be insecure to store password in db and expose it to user in a
config file even if the password is encrypted. Heat store user password in
db before, and now change to keystone trust[3]. But if we use keystone
trust, the swift storage-driver does not support it. If we use trust, we
expose magnum user's credential in a config file, which is also insecure.

Is there a secure way to implement this bp?

[1] https://blueprints.launchpad.net/magnum/+spec/registryv2-in-master
[3] https://wiki.openstack.org/wiki/Keystone/Trusts

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150813/0ea8f9ac/attachment.html>

More information about the OpenStack-dev mailing list